• Home
  • Manage
  • Access control
  • SSO

User management and SSO

Dynatrace makes it easy to manage user permissions based on user account membership in user groups. You can manage these accounts and groups locally through LDAP or through an IdP.

Basic concepts

To manage user permissions, assign permissions to user groups and then add user accounts to user groups.

  • Each group is assigned a set of permissions.

    recommended Use IAM to determine group permissions based on policies.

  • Each account is assigned to one or more groups.

  • Each account that is assigned to a group inherits the permissions of that group.

  • When you change the permissions of a group, the permissions of each account in that group change accordingly.

  • When you assign an account to multiple groups, the account inherits the combined permissions of all those groups.

General options

Depending on your deployment model (Dynatrace SaaS or Dynatrace Managed), you can do the following:

  • Both models: Use an internal user database to manage users and groups with no external authentication.
  • Both models: Integrate Dynatrace with an SSO IdP (Single Sign-On Identity Provider) for the management of users and groups.
    • You can integrate a Dynatrace SaaS deployment with SAML 2.0 as an SSO IdP.
    • You can integrate a Dynatrace Managed deployment with SAML 2.0 or OpenID as an SSO IdP.
  • Dynatrace Managed only: Connect your Dynatrace Cluster to an external LDAP authentication server to import user groups or accounts that need access to your Dynatrace environment. With LDAP integration, all users are accessed from your external LDAP resource. You then assign group privileges and roles through LDAP.

Dynatrace SaaS

To access user authentication configuration pages in Dynatrace SaaS, open the user menu and select Account settings.

You need admin rights to configure user permissions.

  • Manage user access with IAM recommended or with roles
  • Manage users and groups with SAML
    • AD FS details
    • Azure details
    • Google Workspaces details
    • Okta details
  • Manage users and groups with SCIM
    • Azure details
    • Okta details
  • Specify emergency contacts

Dynatrace Managed

In Dynatrace Managed, select User authentication in the navigation menu to access user authentication configuration pages.

  • User groups, permissions, and policies
  • Manage users and groups via LDAP
  • Manage users and groups with SAML in Dynatrace Managed
  • Manage users and groups with OpenID in Dynatrace Managed

Specify emergency contacts

Ask the Dynatrace Community

See the Dynatrace Community SSO label for questions and answers related to Dynatrace and SSO.